China is attempting to mirror the entire GitHub over to their own servers, users report
China is attempting to mirror the entire GitHub over to their own servers, users report
Attached: 3 images tldr: GitCode or China is attempting to mirror/clone the entire GitHub over to their own servers and there's nothing you can do about it, even if your license somehow disagrees with it. Apparently China now has their own GitHub/public Git repository hosting service called GitCod...
GitCode, a git-hosting website operated Chongqing Open-Source Co-Creation Technology Co Ltd and with technical support from CSDN and Huawei Cloud.
It is being reported that many users' repository are being cloned and re-hosted on GitCode without explicit authorization.
There is also a thread on Ycombinator (archived link)
Solution: create a GitHub repo with Markdown articles outlining human rights abuses by the CCP and have a large number of GitHub users star and fork the repo.
You've heard of CamelCase and lowercase and intVariableName variable naming styles. Get ready for:
for (int Taiwan == 0; Taiwan < HongKong; Taiwan++) { int TianamenSquare == 0; ... }
That's the whole point of this: they will automatically filter that out, and this is an impotent, though well intended, gesture.
genius.
create a GitHub repo with Markdown articles outlining human rights abuses by the CCP
Once you have logged "China killed 100 Zillion people! End CCP now!" in Chinese GitHub, everyone in China will realize that their lives are actually very bad and they need to do a Revolution immediately.
And here I was thinking that might prevent them mirroring the repo but whatever
Maybe we should consider the same for the US government instead of being afraid of the big Chinese boogeyman across the sea? Because I guarantee you the US has just as many, if not more. But China bad. 🙄
I was making a joke about abusing Chinese censorship in order to stop them cloning GitHub repos (assuming that was something you wanted to do). The joke being that the CCP suppresses information about their human rights abuses. That is not true of the US. You could absolutely make a GitHub repo detailing the crimes of the US government. Nobody will stop you.
426
Yes yes, what about the US?
The vast majority of projects on GitHub is open-source and forkable, why would that need authorization?
It's... suspicious that China's doing it en masse, but there's nothing wrong in cloning or forking a repo last i heard.
It's not about authorization. They want to build a knowledge base for when the Great Firewall gets some more filters. Just like russias mirror of wikipedia which is heavily edited to discredit the west.
This seems like the most plausible explanation. Only other thing I can think of is they want to develop their own CoPilot (which I'm guessing isn't available in China due to the U.S. AI restrictions?), and they're just using their existing infrastructure to gather training data.
Just like russias mirror of wikipedia which is heavily edited to discredit the west.
How come I live in Russia and have never seen such?
I know only of quite a few troll\counterculture projects, some, like Lurkmore, are already, well, dead, some, like Traditsiya, are not.
That, of course, if you don't mean that Russian Wikipedia in itself has problems. Which would be true.
Firewalls are already being built in america's internet with the ban of tiktok
As an european i do not see problem with having copies of free software in places not controlled by the monopoly microsoft is morphing to.
It's a bit odd, but isn't it equivalent to forking and putting up a fork elsewhere?
I guess I don't see the problem.
Ya, I kind of like the idea of code being put somewhere else just in case. It sucks it's China, but I hate to see anything centralized in one company, especially if it's a big public, good like Github and all it's code.
The only issue I see is that they make a new Chinese equivalent for GitHub where they can censor code easier (or was GitHub already blocked?), but they already censor everything anyway so there's probably effectively no change.
With the obligatory "fuck everyone who disregards open source licenses", I am still slightly amused at this raising eyebrows while nearly no one is complaining about MS using github to train their copilot LLM, which will help circumvent licenses & copyrights by the bazillion.
while nearly no one is complaining about MS using github to train their copilot LLM,
Lots of people complained about that. I've only seen this single thread complaining about this.
I complain all the time. But that's not the subject of this post...
Yeah exactly, fuck llms that don't honor licenses
nearly no one is complaining about MS using github to train their copilot LLM
What rock have you been living under??
Came here to say this. As much as I don't like china, there is really nothing to see (apart from the source, that's for everybody to see).
This could be illegal for git repos that do not have a open source license that allows mirroring or copying (BSD, Apache, Mit, GPL, etc.) Sometimes these repos are more "source available" and the source is only allowed to be read, not redistributed or modified. I would say that this is more of a matter for each individual copyright holder, not Microsoft.
But ultimately I agree, this really isn't as big of a deal as people are making.
edit: changed some wording to be clearer
Not like MS couldn't be sued.
It may be expensive but possible.
Unlike China. Good luck suing china (or the chinese government) as a whole. Maybe you'll get out a domestic ban but I can hardly believe that they will care and probably will continue with their operation. But now it's not on very legal grounds.If I look at a few implementations of an algorithm and then implement my own using those as inspiration, am I breaking copyright law and circumventing licenses?
That depends on how similar your resulting algorithm is to the sources you were "inspired" by. You're probably fine if you're not copying verbatim and your code just ends up looking similar because that's how solutions are generally structured, but there absolutely are limits there.
If you're trying to rewrite something into another license, you'll need to be a lot more careful.
As I am a big proponent of open source, there is nothing wrong even with copying code - the point is that you should not be allowed to claim something as your own idea and definitely not to claim copyright on code that was "inspired" by someone else's work. The easiest solution would be to forbid patents on software (and patents altogether) completely. The only purpose that FOSS licenses have is to prevent corporations from monetizing the work under the license.
I don't understand why this is a bad thing? Open source code is designed to be shared/distributed, and an open-source license can't place any limits on who can use or share the code. Git was designed as a distributed, decentralized model partly for this reason (even though people ended up centralizing it on Github anyways)
They might end up using the code in a way that violates its license, but simply cloning it isn't a problem.
I expect it's going likely to be used to train some Chinese AI model. The race to AGI is in progress. IMO: "ideas" (code included) should be freely usable by anyone, including the people I might disagree with. But I understand the fear it induces to think that an authoritarian government will get access to AGI before a democratic one. That said I'm not entirely convinced the US is a democratic government..
PS: I'm french, and my gov is soon to be controlled by fascist pigs if it's not already, so I'm not judging...
The code needs to maintain the copyrights and authors. They are "mirroring" usernames into their own domain, with mails that dont correspond to the original authors, stealing their contributions.
with mails that dont correspond to the original authors,
Oh! I didn't realise this. Do you have an example?
That would make it plagiarism, which ethically is a whole different matter than merelly copying that which is free to copy.
I’m seeing this misconception in a lot of places.
Just because something is on GitHub, doesn’t mean it’s open source. It doesn't automatically grant permission to share either.
I personally don't care if someone "steals" my code (Here's my profile if you want to do so: https://github.com/ZILtoid1991 ), however it can mean some mixture of two things:
- China is getting ready for war, which will mean the US will try its best to block technology, including open source projects.
- China is planning to block GitHub due to it being able to host information the Chinese government might not like.
Of course it could mean totally unrelated stuff too (e.g. just your typical anti-China and/or anti-communist paranoia sells political points).
But china bad and scary.
fun to think that my shitty program is now stored in an artic vault and stored in some Chinese servers
So many bugs I never fixed and yet here we are lol
The great thing about China is that it's got lots of people eager to fix those bugs
You haven't worked with a lot of Chinese engineers, have you? https://www.chinaexpatsociety.com/culture/the-chabuduo-mindset
Quick, someone tell Nintendo!
Someone reupload yuzu, stat!
I think the major issue is here is that they are “mirroring” with the same username without clear indicating they are mirrors and they are modifying all the github links in Readme to GitCode. But if you want to claim your project, they want to only comment using the issue section of a project which requires account; but then you have to have a Chinese phone number to register account, and you will automatically get a Huawei Cloud account when you registering it
Edit: also some background info about the company behind GitCode from my other comment: the company behind GitCode is funded and owned by CSDN (China Software Developer Network) and the actual infrastructure and service is provided by Huawei Cloud. On the website they have written this statement in the registration page.
CSDN is mostly a platform to share posts on software development, but it is known to have a lot of issues, including:
- poor content and directly copied posts from other people without consent, which to a point people is considering the site a content farm; it is even a top blocked site on Kagi;
- All code provided there requires “coins” to download, even they are open-sourced code; it was reported multiple people in China got scammed via CSDN;
- You have to login to copy code on the post, and sometimes hides half the post to require you to login to read.
- All code provided there requires “coins” to download, even they are open-sourced code; it was reported multiple people in China got scammed via CSDN;
- You have to login to copy code on the post, and sometimes hides half the post to require you to login to read.
Oh fuck! Capitalism with beastly grin strikes back.
Put content that is illegal in China into your code, problem solved!
The phrase Tiananmen Square massacre in each file.
Actually that happened 😂 they accidentally “mirrored” some activists’ repository and got blocked temporarily
It is not illegal is it?
If it is legal, then thank you China for the free backup.
I do believe it's illegal if they take a repository with a restrictive license (which includes any repository without a license), and then make it available on their own service. I think China just doesn't care.
You can buy pirated software or pre-cracked consoles in stores there. They don't care.
Law do not exist by itself; it's the result of balance of power. How would you know that your State do not use illegally free software ? And if you know it, could you sue it ? Even if it's a classified administration ?
Apply laws Internationally is even worse. It usually depends of the imperialist relationship between States. For exemple, Facebook rules was illegal in France, but France changes it's laws rather than sue Facebook. A decade later, the whole European Union could forte RGPD upon the GAFAM.
China have nothing to fear in ignoring those licence, and we shouldn't rely on it to protect our work. However we could strengthen our common defenses, through FOSS for people in the US … and maybe trade unions elsewhere.
Some random Chinese company: does something jenky
Blogger: "The entire country of China is doing this jenky thing!"
The random Chinese company: owned by Huawei and CSDN (where CSDN is known to be the worst site known to Chinese developers where they literally costs money to let you download open source code)
Edit: i think my original is a bit unclear, so this is a more detailed info: the company is funded and owned by CSDN (China Software Developer Network) and the actual infrastructure and service is provided by Huawei Cloud. On the website they have written this statement in the registration page.
CSDN is mostly a platform to share posts on software development, but it is known to have a lot of issues, including:
- poor content and directly copied posts from other people without consent, which to a point people is considering the site a content farm; it is even a top blocked site on Kagi;
- All code provided there requires “coins” to download, even they are open-sourced code; it was reported multiple people in China got scammed via CSDN;
- You have to login to copy code on the post, and sometimes hides half the post to require you to login to read.
GitHub are not some bastion of righteousness - they are literally owned by Microsoft. And they work hard to stop people from getting too much Open Source from them, with rate limits and the like, so essentially gate keep.
I think CSDN probably want to gatekeep their clone even harder, but in general having archives of GitHub on the Internet is a good thing.
Yes. Fuck CCP, but having mirror is good.
EDIT: https://lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror.
Great! Now I know who to contact when I accidentally delete all the plaintext API keys and passwords I had stored in a public github repo.
Apart from the dozens of scrape bots that already stole them?
You're supposed to revoke API keys that are leaked. Not try to "unleak" them
Oh boy, Lemmy really doesn't get sarcasm without the "/s", huh?
Free backups.
Yeah, why not. They are not cloning developers, yet. :)
omw to get all the homebrew stuff NIntendo got removed from github lol
They should definitely respect the licenses, that being said, Microsoft owns GitHub and can be a bit quick in what they ban. It also means they are beholden to US laws, which could turn anti FOSS-AI in the near future.
This is a smart move and I honestly hope more countries start doing it. It would probably lead to a better ecosystem.
I think projects like this are good, but I really don't want governments to create their own version of XYZ for the sake of creating clones of XYZ. I'm scared that all this will do is fragment an almost-universal collection of open-source projects into regional variants for no real reason.
Yeah, though the Chinese government isn't doing this out of the goodness of their heart, this is what open source is about.
Shame they don't have anything themselves that's worth the trouble to copy back.
Aren't Alibaba and Huawei huge on opensource?
Let's dismiss all chinese contributors to open source projects with AI, javascript, PHP and so on.
As China leap frogged west in solar and EV tech
Yeah... The main thing I see here is that China (read; government , not the people, not being racist here) will take this code, they will make improvements on it, they will NOT give back. Basically like Microsoft, but now an entire country.
Chinese government hasn't exact had a good reputation when it comes to taking technology and not giving anything back
Not like I'd want contributions from the chinese state programmers.
Feels like an easy entry for state level supply chain attack.Who says they aren't trying right now? I recall SSH had an attempt quite recently, I can guarantee that China is trying hard to include anything to out in back doors
God damn it, Jiaan Yang!
I call my uncle, he’s very corrupt
New New Internet.
If it’s a public repo do they need permission?
Not saying this is good, but you can’t really argue that it’s not a natural consequence of open source.
I'm noticing this misconception in a lot of places.
Just because something is on GitHub, doesn't mean it's open source.
I get what your saying, in that open source projects normally have a licence that applies to how it’s used - but this has always been open to abuse.
Nothing has ever stopped things like this happening - see how industry has taken advantage of open source for decades (often productising things as their own in the process).
If it's on the internet, I save, I pirate, I protect. Don't like it ? Then get off MY internet !
Oh, cool. I might finally find contributors to my projects.
Maybe Lemmy will finally get good mod tools now.
That would be hilarious lol
Might want to audit what they MR though, ctrl+f ".cn" is a quick audit for most of what the chinese "hackers" try
*New GitHub
Is it hosted on New Pied Piper?
no, new new Internet
JIAN YANG!!!!!
suck it, jian yiang
I'm surprised this wasnt done already
And I was just asking yesterday what would you feel if someone evil used your FOSS software: https://lemmy.world/post/16898871
When they mirror it, does they uses a different username? If so I'm totally fine as that's just a fork, otherwise it should count as stolen. Not the project but the name and reputation of the owner.
They can use the same name but if the owner signs their commits we can at least spot the fake commits.
And even if they clone all repos they don't clone the build systems, so their builds of apps and windows installers will be signed with different keys.
For people who follow guides to clone something from a repo, compile it and install it, they need to be on their guard if the repo URL is not the official one.
How many know what even signed commit and build is? For people following a guide they don't even know what Github is for but a nice place to have free programs.
But at what cost???
Better to analyze for vulnerabilities. Particularly with a number of governments using open source software hosted on github.
Well now chinese companies that use free softwware don't have an excuse to share their modifications of their software product.
Preparation for war.
Lmao the murican propaganda worked wonders on this guy
and the Chinese propoganda worked on 2 websites.
Classic Chinese tech co, if you can't create something on your own just download the source files and say you made it. The money spends the same after the fact, anyhow.
This is inevitable:
Once the people in China can only see the CCP's version of everything,
& ALL stuff has been adulterated, either by AI or by some agency-or-other,
THEN dissent should die-down in the Chinese population:
Read Lanier's "Foreign to Familiar" to understand how Tropical-Culture vs Nordic-Culture shapes people, & how old-cultures vs new-cultures shape people,
then read Hofstede's "Exploring Culture" to understand the dimensions of culture that his Cultural Dimensions Theory digs into ( power-distance, uncertainty-avoidance, "success"-orientation, & other dimensions )..
& when you understand how we're kind of "template" people, before being born into culture,
but once born into it, our entire meaning gets framed within whatever culture we were born into..
therefore, the CCP can simply remove most diversity-of-meaning from their completely-possessed-population, through a generation or 2 of that.
Tibetan, Uyghur, Hongkonger, Taiwanese, Indian, South-Korean, Japanese, the intent is consistent: "the destruction of " .. others .. "is the midwife of Chinese supremacy".
I expect a similar kind of program to exist in all right-possessed countries, as the right is doing in the US, right now, with burning or banning books, eradicating proper education, suppressing libraries, etc, they're just doing the same thing as what the CCP's doing, only less-skillfully, is all.
No real difference in their deeper heart/motivation/intent, though: supremacism, crushing/destroying all "other" kinds.
Russia's big on it, too, isn't it?
Islamism..
The "Crusades" were good examples of this kind of idiocy?
The "Inquisition"?
The "Buddhist" genociding of Tamils?
So long as the "home" story is .. "coherent", & "justifies" all, then .. kids grow up .. believing, right?
There's a book, & a Big Think yt video, on "Collective Illusions", which is important!
Please invest in seeing that video, & see how it's actually a delusion-mechanism in our minds..
..used by political-forces, yes, but they couldn't use it if it didn't exist, could they?
_ /\ _
That is a good thought.
What, even the private gits???
No, they don't have access to that
There is always something you can do about it. Always.
It is a new "internet" archive without copyright bla bla? ¯\_(ツ)_/¯
Smart.
I hate authoritarian regimes, but why hosting cloned repos is bad?
EDIT: https://lemmy.world/comment/10853810
It appears to be scam-type(capitalism with beastly grin type) mirror. Not saying that hosting mirrors is bad in itself.
that could come in veery handy once microsoft wants to pull some plugs. i guess we can be grateful for the backup that is 1. not 100% in m$ hands any more then and 2nd cannot be as easy destroyed as some backups at archive.org. i actually hoped for someone with enough money to create this type of security after m$ assimilated github and thought like "does nobody see the rising danger there?" but even if china's great fork might be more reliable than m$ over time, maybe it's better to have your own backups of all the things you actually may need in future.
btw did microsoft manage to get rid of the hackers that settled into their network for .. how long??
i guess they'll tell
I hope they copy the web interface too. I stopped using GitHub for my dumb little projects when Microsoft bought them and I can't be bothered to learn git. I will gladly host my future projects there if it's good.
I can't be bothered to learn git.
How to become unemployable as an engineer 101.
I'm not an engineer and I am employed, I do a little scripting for fun. Software developers should learn how to use git but I'm not one :)
What use is Github / a Github clone to you without knowing git?
Generally, I tend to think more in the direction of that there is some misunderstanding happening, then people being stupid. Maybe that is just the optimist in me.
What exactly is meant when people say they don't know git. Do they mean the repository data format? Do they mean the network protocol? Do they mean the command line utility? Or just how to work with git as a developer, which is similar to other vcs?
I think if you use some git gui, you can get very far, without needing to understand "git", which I would argue most people, that use it daily, don't, at least not fully.
%100 me when I first started github: "welp its saying something I dont understand, time to nuke the local copy and restart"
